Link to home
Create AccountLog in
Avatar of garyLittle
garyLittle

asked on

Followup question about VB.NETs weakness when it somes to protecting the algorithms of the primary code structure

This is a followup question concerning need for "obfuscation" of the code because someone can 'easily' get into and look at the primary code algorithms.
My application deals with highly classified encryption of data and if VB.NET opens up to the whole world what the algorithm is then there is a great problem.
This seems like a VERY GREAT WEAKNESS. I remember now that a few years ago I had decided that this problem was so serious that it kept me from converting to VB.NET. I thought by now that MS would have done something to fix it. Apprently not.
Has anyone run into this problem and does anyone have some sort of solution.
Gary
Avatar of KelvinY
KelvinY

Hi garyLittle,

I'm not sure where you get the idea that exposing an encryption algorithm is a weakness. The best encryption algortihms are the one's that have been extensively studdied and proven to have no obvious weaknesses. The only thing that needs to be secure is the encryption key. This a well-known principle - http://en.wikipedia.org/wiki/Kerckhoffs'_principle. Trying to keep you encryption algorithm secret is what Bruce Schneier calls Security Through Obscurity - http://www.schneier.com/crypto-gram-0205.html#1. The principle is that the fewer secrets you have the better your security.

If you are using .NET then you have access to some very secure algorithms in the System.Security.Cryptography namespace. These include the Rijndael and TripleDES algorithms. You would be well advised to use one of these rather than trying to roll your own algorithm.


Regards
  Kelvin
Avatar of garyLittle

ASKER

Thank you for your information. I have looked at the references and learned from them.
HOWEVER, the question was not about encryption algorithms, I have already done that.

The purpose of my request for information is how do I get around the apparent weakness of
VB.NET with respect to it providing an easy way for others to view the internal methods and
procedures. Is there a way to "obfuscate"? Are there products to do that?
Thanks
ASKER CERTIFIED SOLUTION
Avatar of KelvinY
KelvinY

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account